GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
11 advisories
Server-Side Request Forgery in link-preview-js
Moderate
CVE-2022-25876
was published
for
link-preview-js
(npm)
Jul 2, 2022
Passport vulnerable to session regeneration when a users logs in or out
Moderate
CVE-2022-25896
was published
for
passport
(npm)
Jul 2, 2022
Regular expression denial of service in scss-tokenizer
High
CVE-2022-25758
was published
for
scss-tokenizer
(npm)
Jul 2, 2022
Prototype pollution in @strikeentco/set
High
CVE-2020-28267
was published
for
@strikeentco/set
(npm)
May 24, 2022
Expo on iOS is insecure due incorrect security attribute application
Moderate
CVE-2020-24653
was published
for
expo
(npm)
May 24, 2022
OpenPGP 1.2.0 and earlier decrypts arbitrary messages
High
CVE-2015-8013
was published
for
openpgp
(npm)
May 17, 2022
jQuery vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2011-4969
was published
for
jQuery
(RubyGems)
May 14, 2022
Electron vulnerable to URL spoofing via PDFium
Moderate
CVE-2017-1000424
was published
for
Electron
(npm)
May 13, 2022
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Moderate
CVE-2022-0691
was published
for
url-parse
(npm)
Feb 22, 2022
ProTip!
Advisories are also available from the
GraphQL API